The reports sets out best practices for addressing key vulnerabilities, such as security in branch offices, the use of mobile devices and combating phishing attacks.

It represents FINRA’s newest initiative as part of ongoing efforts to help broker-dealers, particularly small firms, ensure they have adequate cybersecurity programs, the self-regulatory organization says in a news release.

“Securities firms rate cybersecurity as one of their top operational risks, and our new report addresses areas that firms tend to find most challenging,” says David Kelley, surveillance director, member supervision in FINRA’s Kansas City office, in a statement.

Some of the primary challenges for the industry in ensuring cybersecurity include establishing controls in branch offices, implementing and maintaining controls on mobile devices, rooting out internal security threats and limiting phishing attacks, according to the report.

The report also sets out what FINRA sees as elements of a strong penetration-testing program.

“Firms welcome the opportunity to see the effective practices used by other broker-dealers, so they can benchmark their controls and make informed decisions about establishing or evolving their own programs,” added Yolanda Adewumi-Trottman, examination director, member supervision in FINRA’s New York office.